Gentoo Forums
[Solved] NetworkManager overwrites resolv.conf for OpenVpn
Forum: Networking & Security

Langest
n00b

Joined: 19 Jan 2018
Posts: 27

Posted: Sat Jan 20, 2018 8:13 pm    Post subject: [Solved] NetworkManager overwrites resolv.conf for OpenVpn

I have problems with DNS leakage because network manager overwrites resolv.conf for openvpn. Searching, I found out about openresolv when reading through the arch wiki and it seems like it has solved similar problems for other people as well. But I think I am using it wrong or it just doesn't work.
When booting it seems like there is a race for resolv.conf and sometimes openvpn sets the dns server I want and sometimes NetworkManager sets its dns server. I don't think either of them actually uses openresolv, because resolv.conf says in its comment that it is generated by either nm or openvpn.

Any idea what might be wrong?
Thank you!
Langest


Last edited by Langest on Wed Jan 31, 2018 8:43 pm; edited 3 times in total

soitgoes0745
n00b

Joined: 08 May 2017
Posts: 28
Location: Dallas

Posted: Sat Jan 20, 2018 9:04 pm

Have you attempted to create a /etc/resolv.conf.head file with your VPN's DNS servers? This will prepend these nameservers to resolv.conf.

Langest
n00b

Joined: 19 Jan 2018
Posts: 27

Posted: Sun Jan 21, 2018 7:22 pm

soitgoes0745 wrote:
Have you attempted to create a /etc/resolv.conf.head file with your VPN's DNS servers? This will prepend these nameservers to resolv.conf.


That did the trick!
Didn't solve the issue with the race condition but that doesn't matter if I can prepend my own servers.
Thank you!

soitgoes0745
n00b

Joined: 08 May 2017
Posts: 28
Location: Dallas

Posted: Sun Jan 21, 2018 7:36 pm

You are welcome.

Langest
n00b

Joined: 19 Jan 2018
Posts: 27

Posted: Sun Jan 21, 2018 8:20 pm

Sorry, I thought it worked but it turns out that it only works when openvpn is last to modify resolv.conf. When nm generates it, it doesn't care about the resolv.conf.head.
Could it be that nm doesn't use openresolv to generate the resolv.conf? OpenVpn leaves a comment
Code:
# Generated by resolvconf
while NetworkManager leaves a comment
Code:
# Generated by NetworkManager

soitgoes0745
n00b

Joined: 08 May 2017
Posts: 28
Location: Dallas

Posted: Sun Jan 21, 2018 9:00 pm

I don’t use NetworkManager but I was reading the ArchWiki in regards to your issue and it was suggested that you could make resolv.conf immutable by:
Code:

# chattr +i /etc/resolv.conf

In my opinion this seems like a hack and could create issues outside of your usual network, but I am no network guru.

n05ph3r42
Tux's lil' helper

Joined: 11 Jul 2016
Posts: 103

Posted: Sat Jan 27, 2018 8:48 pm

RTFM
create file
Code:
 /etc/NetworkManager/NetworkManager.conf

if it does not exist.
Put the following lines into it:
Code:
[main]
dns=none
rc-manager=unmanaged

also check https://developer.gnome.org/NetworkManager/stable/NetworkManager.conf.html


Last edited by n05ph3r42 on Sun Jan 28, 2018 9:38 pm; edited 2 times in total

UberLord
Retired Dev

Joined: 18 Sep 2003
Posts: 6741
Location: Blighty

Posted: Sun Jan 28, 2018 12:37 am

Ensure that NetworkManager has the resolvconf USE flag.
_________________
Use dhcpcd for all your automated network configuration needs
Use dhcpcd-ui (GTK+/Qt) as your System Tray Network tool

n05ph3r42
Tux's lil' helper

Joined: 11 Jul 2016
Posts: 103

Posted: Sun Jan 28, 2018 4:03 pm

UberLord wrote:
Ensure that NetworkManager has the resolvconf USE flag.

On my system I have - - resolvconf and the solution I specified works.
I mean, there is no need for the resolvconf flag for networkmanager if you specify "dns=none" in the NM conf, as I described earlier.
Code:
# equery u networkmanager
[ Legend : U - final flag setting for installation]
[        : I - package is installed with flag     ]
[ Colors : set, unset                             ]
 * Found these USE flags for net-misc/networkmanager-1.8.4:
 U I
 - - abi_x86_32         : 32-bit (x86) libraries
 - - audit              : Enable support for Linux audit subsystem using sys-process/audit
 + + bluetooth          : Enable Bluetooth Support
 - - connection-sharing : Use net-dns/dnsmasq and net-firewall/iptables for connection sharing
 + + consolekit         : Use sys-auth/consolekit for session tracking
 + + dhclient           : Use dhclient from net-misc/dhcp for getting ip
 - - dhcpcd             : Use net-misc/dhcpcd for getting ip
 - - gnutls             : Add support for net-libs/gnutls (TLS 1.0 and SSL 3.0 support)
 + + introspection      : Add support for GObject based introspection
 - - json               : Enable JSON validation via dev-libs/jansson in libnm.
 + + modemmanager       : Enable support for mobile broadband devices using net-misc/modemmanager
 + + ncurses            : Add ncurses support (console display library)
 + + nss                : Use dev-libs/nss for cryptography
 - - ofono              : Use net-misc/ofono for telephony support.
 + + policykit          : Enable PolicyKit authentication support
 + + ppp                : Enable support for mobile broadband and PPPoE connections using net-dialup/ppp
 - - resolvconf         : Use net-dns/openresolv for managing DNS information
 - - systemd            : Enable use of systemd-specific libraries and features like socket activation or session tracking
 - - teamd              : Enable Teamd control support
 - - test               : Workaround to pull in packages needed to run with FEATURES=test. Portage-2.1.2 handles this internally, so don't set it in make.conf/package.use anymore
 - - vala               : Enable bindings for dev-lang/vala
 + + wext               : Enable support for the deprecated Wext (Wireless Extensions) API; needed for some older drivers (e.g. ipw2200, ndiswrapper)
 + + wifi               : Enable support for wifi and 802.1x security using net-wireless/wpa_supplicant

UberLord
Retired Dev

Joined: 18 Sep 2003
Posts: 6741
Location: Blighty

Posted: Sun Jan 28, 2018 4:36 pm

That might still work.
A perusal of the sources indicates that without the resolvconf path specified it will default to /sbin/resolvconf which is where it's installed for most systems.

The config might also need rc-manager=resolvconf
http://manpages.ubuntu.com/manpages/zesty/man5/NetworkManager.conf.5.html
_________________
Use dhcpcd for all your automated network configuration needs
Use dhcpcd-ui (GTK+/Qt) as your System Tray Network tool

n05ph3r42
Tux's lil' helper

Joined: 11 Jul 2016
Posts: 103

Posted: Sun Jan 28, 2018 8:13 pm

UberLord wrote:
That might still work.
A perusal of the sources indicates that without the resolvconf path specified it will default to /sbin/resolvconf which is where it's installed for most systems.

The config might also need rc-manager=resolvconf
http://manpages.ubuntu.com/manpages/zesty/man5/NetworkManager.conf.5.html


Due to https://developer.gnome.org/NetworkManager/stable/NetworkManager.conf.html
In my case, it should be
Code:
rc-manager=unmanaged

otherwise /etc/resolv.conf will be cleared (and empty) after reboot.
So it's a good idea to add it to the NM conf.

Langest
n00b

Joined: 19 Jan 2018
Posts: 27

Posted: Wed Jan 31, 2018 8:43 pm

n05ph3r42 wrote:
RTFM
create file
Code:
 /etc/NetworkManager/NetworkManager.conf

if it does not exist.
Put the following lines into it:
Code:
[main]
dns=none
rc-manager=unmanaged

also check https://developer.gnome.org/NetworkManager/stable/NetworkManager.conf.html


Thank you!
That did the trick.
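
An added example, not part of the thread and not written by any poster: a POSIX shell check that reads the `# Generated by` header discussed above, lists nameservers outside an allowed VPN set, and confirms `dns=none` is present in `[main]`. The function names, the sample files and the addresses 10.8.0.1 (VPN resolver) and 192.168.1.1 (LAN resolver) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Sample files and addresses are constructed.

# Name the tool from the "# Generated by ..." header, or "unknown".
resolv_generator() {
    awk '/^# Generated by /{print $4; f=1; exit} END{if(!f) print "unknown"}' "$1"
}

# Print each nameserver in file $1 that is not among the allowed ones ($2...).
leaked_nameservers() {
    file=$1; shift; allowed=" $* "
    awk '$1 == "nameserver" {print $2}' "$file" | while read -r ns; do
        case "$allowed" in *" $ns "*) ;; *) echo "$ns" ;; esac
    done
}

# Print the value of key $2 from the [main] section of NetworkManager.conf $1.
nm_main_setting() {
    awk -F= -v key="$2" '{gsub(/[ \t]/, "")}
        /^\[/ {in_main = ($0 == "[main]")}
        in_main && $1 == key {print $2; exit}' "$1"
}

# Return 0 only if resolv.conf lists VPN resolvers alone and NM has dns=none.
audit_dns() {  # args: resolv.conf NetworkManager.conf allowed-ns...
    resolv=$1; nmconf=$2; shift 2; status=0
    leaked=$(leaked_nameservers "$resolv" "$@" | tr '\n' ' ')
    if [ -n "$leaked" ]; then
        echo "LEAK: $(resolv_generator "$resolv") wrote non-VPN nameserver(s): $leaked"
        status=1
    fi
    if [ "$(nm_main_setting "$nmconf" dns)" != "none" ]; then
        echo "WARN: dns=none missing from [main]; NetworkManager may rewrite $resolv"
        status=1
    fi
    return "$status"
}

# Constructed sample: NetworkManager won the race and wrote the LAN resolver.
demo=$(mktemp -d)
printf '# Generated by NetworkManager\nnameserver 192.168.1.1\n' > "$demo/resolv.conf"
printf '[main]\nplugins=keyfile\n' > "$demo/nm-default.conf"
printf '[main]\ndns=none\nrc-manager=unmanaged\n' > "$demo/nm-fixed.conf"
audit_dns "$demo/resolv.conf" "$demo/nm-default.conf" 10.8.0.1 || echo "audit failed"
```

On a real system the arguments would be /etc/resolv.conf, /etc/NetworkManager/NetworkManager.conf and the VPN's own resolver addresses; running it after boot and after each reconnect shows which writer won.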